Comment by bluGill

Comment by bluGill 16 hours ago

34 replies

View on Hacker News

At least he got a response. Meaning the address didn't change mostly.

A few years back I worked on an embedded linux project. For our first "alpha" release one of the testers read through the license agreement (as opposed to scrolling past all that legalese like most people do) and found the address to write to to get all the GPL source, he then send a letter to the address and it was returned to sender, invalid address. Somehow the lawyers found out about this and the forced us to do a full recall, sending techs to each machine to install an update (the testers installed the original software and were expected to apply updates, but we still had to send someone to install this update and track that everyone got it). Lawyers want to show good faith in courts - they consider it inevitable that someone will violate the GPL and are hoping that by showing good faith attempts to follow the letter and spirit the court won't force releasing our code when a "rouge employee" manages to violate the license.

The more important take away is if your automated test process doesn't send letters to your GPL compliance address to verify it works then you need manual testers: not only are you not testing everything, but you didn't even think of everything so you need the assurance of humans looking for something "funny".

AlbinoDrought 13 hours ago

The Free Software Foundation closed their office at 51 Franklin St in August 2024 [1]. Their new mailing address is on 31 Milk Street [2].

If this test was reproduced today, we may see different results ;)

[1]: https://www.fsf.org/blogs/community/fsf-office-closing-party

[2]: https://www.fsf.org/about/contact/mailing

Reply View 18 replies
  • dunham 13 hours ago

    That's recent enough that mail forwarding should work, if they set it up:

    > Standard mail forwarding lasts 12 months. You can pay to extend mail forwarding for 6, 12, or 18 more months (18 months is the maximum).

    Edit for source: https://www.usps.com/manage/forward.htm

    Reply View 13 replies
    • giancarlostoro 12 hours ago

      > > Standard mail forwarding lasts 12 months. You can pay to extend mail forwarding for 6, 12, or 18 more months (18 months is the maximum).

      That's kind of awkward when you consider people will find that address for source code where that license file just wont be updated for decades to come, if at all.

      Reply View 12 replies
      • 1oooqooq 8 hours ago

        since this is hacker news... i once had some trouble changing mail address from one supplier (they would send the materials to the new address, but insisted on sending billing/tax info to the old one) so i did the mail forward process some three times + their extensions (i recall it was 6 + 3mo or so)... it got me close to 3 yrs of reliable mail forward from the great folks at usps until i could get thru the supplier personnel thick skull.

        the only issue "redoing" the request is that people at the old address can block it, so be sure to talk to them first.

        Reply View 2 replies
  • twic 8 hours ago

    This test isn't about writing to the FSF, it's about writing to the vendor who supplied the software.

    Reply View 0 replies
diggan 15 hours ago

An updated version would say to make sure every email address you use/show in the application/terms/policies are usable and someone receives it.

When reviewing stuff that introduces new emails and whatnot I always spend 10-20 seconds sending an email with "Please respond if you see this" to verify it actually works and someone receives it, as I've experienced more than once that no one actually setup the email before deploying the changes that will show the email to users.

Reply View 0 replies
chasd00 8 hours ago

reminds me of this old joke. Two testers walk into a bar, the first says "i'll have a beer please" and they get their beer as expected. The second says "I just want water" and they get the water just like the asked. Then a user walks into the bar and asks "where's the bathroom?". The bar explodes.

Reply View 0 replies
terinjokes 15 hours ago

Why should the test process be sending physical letters (edit: in 2025)? Nothing in the GPLv2 requires a physical letter.

The address the OP sent a letter too has already been removed from the canonical version of the license (and was itself an unversioned change from the original address), and section 3 doesn't require a physical offer if the machine-readable source code is provided.

Reply View 12 replies
  • ndiddy 14 hours ago

    Some companies still do this mainly to make the GPL request process more annoying so fewer people do it. If you have to mail a letter with a check to cover shipping/handling and wait for the company to send you a CD-R with the code on it, fewer people will look at the code compared to if the company just put it on Github or something.

    Reply View 11 replies
    • terinjokes 12 hours ago

      If the goal is to be annoying, sure make sure folks can jump through hoops. I just don't think in 2025 a company legitimately intending to satisfy the GPL requirements needs anything to do with physical mail, since they'll provide it online.

      I stopped putting in requests for source code offers because I've had a 0% success rate.

      Reply View 3 replies
      • immibis 10 hours ago

        Companies don't legitimately intend to satisfy the GPL requirements.

        If you put in a source code request and get no reply you should try to contact the copyright holder or someone like the Software Freedom Conservancy or the EFF, because they are breaking the law. There was a case recently in Germany where a court forced a maker of home routers to give up not just their source code, but also the scripts to install modified software - as required by the license. (As I understand it there is no precedent in a civil law system, but it does mean at least one judge believes Tivoization of GPLv2 software is illegal)

        Reply View 1 reply
    • bluGill 14 hours ago

      Most of the time the GPL request is a waste of time with no purpose other than annoy a company. You can download linux source code from many places, why do you want to get it from us?

      There is a slight possibility we have a driver that you could get access to, but without the hardware it won't do you any good. Once in a while we have hacked the source to fix a bug, but if it isn't upstream it is because the fix would be accepted (often it causes other bugs that don't matter to use), and in any case if it isn't upstream, the kernel moves so fast you wouldn't be able to use it anyway.

      Reply View 6 replies
      • regentbowerbird 12 hours ago

        You only have to serve those requests if you distribute your changes yourself.

        So presumably as a hardware company you'd be offering your hardware with your custom linux installed, and then people wanting to audit or hack the product they bought would request the code from you.

        Reply View 2 replies
      • ndiddy 11 hours ago

        Again I see no purpose in doing things this way besides trying to minimize the amount of people who look at your GPL code for some reason. Isn't it more annoying for the company to make someone in customer support read paper letters, burn the GPL package onto a CD-R, and mail it than it is to simply host the GPL package for each product on a support site or Github or something and include a link in the product documentation?

        Reply View 1 reply
        • ack_complete 2 hours ago

          There's definitely a purpose, it's to obfuscate usage of GPL software and dodgy linkage. There's no other reason for situations like hosting a binary download as a plain download on a website while getting the source requires mailing a check or money order to a UK address.

          Reply View 0 replies
      • immibis 10 hours ago

        There's actually a near-100% chance that the kernel on my device is not the upstream kernel. There's a near-100% chance that you have added some custom drivers or got them from your upstream. There's also a near-100% chance that you have written some scripts to install the kernel on the device, which you are required (at least one German judge thinks so) to share with me so that I can install a modified kernel on my device.

        Reply View 0 replies